Abstract

Let a quantified inequality constraint over the reals be a formula in
the first-order predicate language over the structure of the real numbers,
where the allowed predicate symbols are $\leq$ and $<$. Solving such
constraints is an undecidable problem when allowing function symbols such
as sin or cos. In the paper we give an algorithm that terminates with a
solution for all, except for very special, pathological inputs. We ensure the
practical efficiency of this algorithm by employing constraint programming
techniques.


1 Introduction 

The problem of solving quantified constraints over the reals has numerous
applications (we have created a web-page that lists more than fifty references [39]).
However, it is undecidable, when allowing function symbols such as sin or
cos [53], and highly complex when restricting oneself to addition and
multiplication [18, 59].

In this paper we give an algorithm that nevertheless always terminates for 
inputs that are stable in the sense that their truth value (in the case where 
all variables are quantified) does not change under small perturbations of the 
occurring constants. For example, the constraint $\forall x\; x^2 + 1 > 0$ is stable, whereas
$\forall x\; x^2 > 0$ is not.

Furthermore, we ensure the practical efficiency of the algorithm by basing 
it on techniques from the field of constraint programming [8, 9, 49, 55]. The 
basic idea of these techniques is to reduce the average run-time of algorithms 
for computationally hard problems by replacing expensive exhaustive search as 
much as possible by methods for pruning elements from the search space for 
which it is easy to show that they do not contain solutions. 

In this paper we extend this idea to quantified inequality constraints for
which all (free and bound) variables are bounded to a closed interval: We try
to prune elements from these bounds for which it is easy to show that they
do not contain solutions. When we cannot easily prune more elements, we do
branching by splitting a bound into pieces (for quantified variables this means
replacing sub-constraints of the form $\forall x \in I\; \phi$ by
$\forall x \in I_1\; \phi \wedge \forall x \in I_2\; \phi$
where $I = I_1 \cup I_2$, or the corresponding existential case). This gives us new
possibilities for pruning. We repeat the two steps until we have pruned all
elements (or disproved the constraint). For computing elements of the bounds
that do contain solutions we take the negation of the input constraint and again
apply the above branch-and-prune approach.

* This is a revised and extended version of an earlier paper [42]. Please note the changed
terminology that should contribute to a wider accessibility of the results.

In the paper we formalize this approach, study its properties in detail,
improve it for an implementation, and do timings that show its efficiency.

As a side-effect, this paper even improves the current methods for numerical 
constraint satisfaction problems in the case where the solution set does not 
consist of finitely many, isolated solutions, which—up to now—was essential for 
their efficiency. For example, the book describing the system Numerica [56] 
explicitly states that for inputs not fulfilling that property the method creates 
a huge number of boxes. 

In order to be able to reuse existing theory, algorithms and software for
solving atomic inequality constraints (i.e., constraints of the form $t > 0$ or
$t \geq 0$, where $t$ is a term), and to be able to benefit from further progress in
this area, the paper employs a parametric approach: It takes as input theory
and algorithms from constraint programming, and provides as output
corresponding new theory and algorithms for solving quantified constraints. More
specifically, building upon the notion of a narrowing operator [55, 7, 25], it
takes as input: a specification describing a consistency notion for atomic
inequality constraints (e.g., box-consistency [8]), and a narrowing operator that
implements this specification. It provides as output: a specification
describing a corresponding consistency notion for quantified constraints, a narrowing
operator that implements this specification, and an algorithm for computing
approximate solutions of quantified constraints over the reals that uses this
narrowing operator for pruning. These outputs are accompanied with proofs of
their usefulness/optimality.

For the special case where the only allowed function symbols are addition 
and multiplication, until recently, all algorithms have been based on computer
algebra methods [14, 11], which resulted in certain drawbacks (e.g., low practical
efficiency, restriction to polynomials, unwieldy output expressions). In an earlier
paper [41] the author of this paper proposed a scheme for solving quantified
constraints approximately that followed the idea of quantifier elimination by
cylindrical algebraic decomposition [14, 11], but decomposed space into floating-point
boxes instead of semi-algebraic cells. This approach was successful in
showing that one can efficiently compute approximate solutions of quantified 
constraints using interval methods. However it still had several drawbacks. 
Especially, it was not clear when and how to optimize box splitting, because the 
algorithm was not separated into (inherently exponential) search, and pruning. 
The current paper provides a solution to this, and other, problems of the older 
approach. 

The following special cases of the general problem have been studied using 
interval or constraint satisfaction methods: 

• The case of expressions of the form $\forall p\; \phi(p, q)$, where $\phi(p, q)$ is a system
of strict inequalities [28, 33, 27] using methods that repeatedly bisect the
free-variable space, and test after each bisection, whether the system of
inequalities holds everywhere on the resulting box.

• The case of expressions of the form $\forall p\; \phi(p, q)$, where $\phi(p, q)$ is a system
of strict inequalities [6], using methods that correspond to our case for
universal quantification, conjunction and atomic constraints, but without
branching in the universally quantified variables.

• The case of quantified systems of equations where certain variables occur 
only once, and the quantifiers obey certain orderings (various results by 
S. Shary, see just for example [51]). 

• The case of disjunctive constraints. This has been done in the discrete
case [29, 57], and in the continuous case for disjunctive constraints
occurring in interactive graphical applications [34], and in a similar way as in
this paper for speeding up solving of factorizable constraints [24].

See also an overview on methods for solving quantified inequalities in
control [19]. For improving box splitting strategies for inequality constraints Silaghi,
Sam-Haroud and Faltings [52] use information from the negation of the input
constraints. A similar problem is the problem of extending the bounds of
universal quantifiers, for which a method based on constraint propagation [13] is
provided for the special case of a system of inequalities for which all variables
are universally quantified. Also for discrete domains there is a lot of recent
interest in solving constraints with quantifiers [10, 21], or related stochastic
constraints [58].

Some of the above [13, 6, 52] take a similar approach of using the negation 
of the input to compute positive information. However, they do not address the 
question of being able to compute answers for all except unstable inputs. 

The content of the paper is as follows: Section 2 gives various preliminaries; 
Section 3 introduces a framework for reusable pruning based on the notion of 
narrowing operator; Section 4 describes an according notion of consistency for 
quantified constraints that allows us to specify the pruning power of narrowing
operators; Section 5 gives a generic algorithm for pruning that implements a 
narrowing operator; Section 6 bases an according branch-and-prune solver for 
quantified constraints on this pruning algorithm. Section 7 discusses how to 
arrive at an efficient implementation of such a solver; Section 8 presents timings 
of such an implementation; Section 9 discusses the relation of the results to 
symbolic quantifier elimination algorithms; and Section 10 concludes the paper. 


2 Preliminaries 

We fix a set V of variables. A quantified constraint (or short: constraint) is 
a formula in the first-order predicate language over the reals with predicate 
and function symbols interpreted as suitable relations and functions, and with 
variables in V. We take over a large part of the according predicate-logical 
terminology without explicit definitions. 

In this paper we restrict ourselves to the predicate symbols $<$, $>$, $\leq$, and
$\geq$, and assume that equalities are expressed by inequalities on the residual
(i.e., $f = 0$ as $|f| \leq \varepsilon$ or $f^2 \leq \varepsilon$, where $\varepsilon$ is a small positive real constant¹).
Furthermore we only deal with constraints without negation symbols because
one can easily eliminate negation symbols from quantified constraints by pushing
them down, and replacing atomic constraints of the form $\neg(f \leq g)$ by $f > g$,
and $\neg(f < g)$ by $f \geq g$, respectively. For any quantified constraint $\phi$, let $\overline{\neg}\phi$ (the
opposite of $\phi$) be the quantified constraint that results from $\neg\phi$ by eliminating
the negation by pushing it down to the predicates.

We require that every quantifier be bounded by an associated quantifier
bound, using expressions of the form $\exists x \in I$ or $\forall x \in I$, where $I$ is a closed
interval.

A variable assignment is a function from the set of variables $V$ to $\mathbb{R}$. We
denote the semantics of a constraint $\phi$, the set of variable assignments that make
$\phi$ true, by $[\![\phi]\!]$. For example, $[\![x^2 + y^2 < 1]\!]$ is the set of variable assignments
that assign values within the unit disc to $x$ and $y$.

For any variable assignment $d$, any variable $v \in V$ and any real number $r$,
we denote by $d\frac{r}{v}$ the variable assignment that is equal to $d$ except that it assigns
$r$ to $v$.

Let $\mathbb{I}$ be the set of closed real intervals. We denote by $I_1 \uplus I_2$ the smallest
interval containing both intervals $I_1$ and $I_2$. A box assignment is a set of variable
assignments that can be represented by functions from $V$ to $\mathbb{I}$; that is, it contains
all the variable assignments that assign elements within a certain interval to a
variable. For example, for $V = \{x, y\}$, the set of variable assignments that
assign an element of $[-1, 1]$ to both $x$ and $y$ is a box assignment—this set of
variable assignments can be represented by the function that assigns $[-1, 1]$ to
both $x$ and $y$.

From now on we will use a box assignment and its interval function
representation interchangeably. For any box assignment $B$, any variable $v \in V$, and
any interval $I$, we denote by $B\frac{I}{v}$ the box assignment that is equal to $B$ except
that it assigns $I$ to $v$. In the context of closed constraints we denote by the
Boolean value F the empty box assignment and by the Boolean value T the box
assignment that assigns the set of real numbers $\mathbb{R}$ to each variable, and allow
the usual Boolean operation on them. We denote by $\{x \mapsto [-1, 1], y \mapsto \cdot\}$ a box
assignment that assigns the interval $[-1, 1]$ to the variable $x$ and an arbitrary
interval to the variable $y$.

Traditionally, constraint programming techniques [8, 9, 49, 55] use boxes 
(i.e., Cartesian products of intervals) instead of box assignments. However, 
when working with predicate logic, the additional flexibility of box assignments 
is very convenient in dealing with the scoping of variables. For efficiency reasons, 
an actual implementation might represent box assignments by boxes. 


3 A Framework for Reusable Pruning 

Remember that our approach will be to solve quantified constraints by a branch
and prune algorithm. Fortunately, there is already a lot of work done on how
to do pruning on atomic constraints, and their conjunctions. The formal
framework for this is the notion of a narrowing operator [5, 9], which specifies some
properties required of such an algorithm without regard to the concrete
algorithm. In this paper we generalize this notion to quantified constraints. This
will allow us to reuse existing theory, algorithms, and software implementing
such narrowing operators. Readers who are only interested in a concrete
pruning algorithm and not in a formal framework for reasoning about its properties
can directly jump to Section 5.

¹ The constant $\varepsilon$ needs to be non-zero because otherwise solutions would vanish under small
perturbations of $\varepsilon$, resulting in an unstable [44] constraint.

The essential difference between our approach and the classical one is that
quantified constraints also store information about the range of variables within
the constraint, and so we allow a narrowing operator to modify constraints also.
For this we use pairs $(\phi, B)$, where $\phi$ is a quantified constraint and $B$ is a box
assignment. We call such pairs bounded constraints, and the second element of
a bounded constraint its free-variable bound.

Definition 1 A narrowing operator is a function $N$ on bounded constraints
such that for bounded constraints $(\phi, B)$, and $(\phi', B')$, and for $N(\phi, B) = (\phi_N, B_N)$,
and $N(\phi', B') = (\phi'_N, B'_N)$,

• $B \supseteq B_N$ (contractance),

• $[\![\phi_N]\!] \cap B_N = [\![\phi]\!] \cap B_N$ (soundness),

• $B' \subseteq B$ implies $B'_N \subseteq B_N$ (monotonicity), and

• $N(N(\phi, B)) = N(\phi, B)$ (idempotence).

Note that we use a soundness condition here, instead of a correctness
condition: We require that the solution set of the resulting constraint be the same
only on the resulting box, but not necessarily on the initial box. We will ensure 
full correctness by the next definition. 

Constraint programming techniques for continuous domains traditionally 
compute outer approximations of the solution set. However, here we also want 
to compute inner approximations for three reasons: First, we need to compute 
such inner approximations for proving closed constraints to be true. Second, 
the solution set of quantified constraints with inequality predicates usually does 
not consist of singular points, but of sets that can have volume, and for many 
applications it is important to find points that are guaranteed to be within this 
solution set. And third, available inner approximations can speed up the
computation of outer approximations and vice versa, because any element known
to be within the solution set, or known to be not in the solution set, does not 
need to be inspected further. 

So we will allow two kinds of narrowing operators—one that only removes 
elements not in the solution set, and one that only removes elements in the 
solution set. 

Definition 2 An outer narrowing operator is a narrowing operator $N$ such that
for every bounded constraint $(\phi, B)$, for the free-variable bound $B_N$ of $N(\phi, B)$,
$B_N \supseteq B \cap [\![\phi]\!]$. An inner narrowing operator is a narrowing operator $\underline{N}$ such that
for every bounded constraint $(\phi, B)$, for the free-variable bound $B_N$ of $\underline{N}(\phi, B)$,
$B_N \supseteq B \setminus [\![\phi]\!]$.²

² This definition of inner narrowing operator differs from the one used by Benhamou and
Goualard [6].

As discussed in the introduction, we get an inner narrowing operator from
an outer narrowing operator by working on the opposite of the input:

Theorem 1 Let $N$ be a function on bounded constraints and let $\underline{N}(\phi, B) :=
(\overline{\neg}\phi_N, B_N)$ where $(\phi_N, B_N) = N(\overline{\neg}\phi, B)$. Then $N$ is an outer narrowing
operator iff $\underline{N}$ is an inner narrowing operator.

Proof. Obviously $N$ is a narrowing operator iff $\underline{N}$ is a narrowing operator. $N$
is outer narrowing iff $\underline{N}$ is inner narrowing because for any bounded constraint
$(\phi, B)$, $B \cap [\![\overline{\neg}\phi]\!] = B \setminus [\![\phi]\!]$, and $B \setminus [\![\overline{\neg}\phi]\!] = B \cap [\![\phi]\!]$. ■

A similar observation has already been used for the special case of quantified 
constraints with one universal quantifier [6]. The above theorem allows us to 
concentrate on outer narrowing operators from now on. We get the
corresponding inner narrowing operator for free by applying the outer narrowing operator
on the opposite of the input. 


4 Consistency of Quantified Constraints 

In constraint programming the notion of consistency is used to specify the
pruning power of narrowing operators. In this section we generalize this approach
to quantified constraints. Again, readers who are only interested in a concrete 
algorithm and not in formal reasoning about its properties, can skip this section. 

Clearly, it is not possible to prune the empty set further. So we require 
the following from a predicate on bounded constraints that we use for such 
specification purposes: 

Definition 3 A consistency property is a predicate $C$ on bounded constraints
such that for every constraint $\phi$, $C(\phi, \emptyset)$.

Example 1 For an atomic bounded constraint $(\phi, B)$, $BC(\phi, B)$ holds iff there
is no (canonical-interval-wide) face of the hyperrectangle described by $B$ for
which interval evaluation [36, 37, 27] will prove that it contains no element of
$[\![\phi]\!]$. In this case we say that $\phi$ is box-consistent wrt. $B$ [8, 55].

The strongest form of consistency achievable using floating-point numbers
is:

Example 2 For a bounded constraint $(\phi, B)$, $HC(\phi, B)$ holds iff there is no box
assignment $B'$ with floating-point endpoints such that $B' \subset B$ and $[\![\phi]\!] \cap B' =
[\![\phi]\!] \cap B$. In this case we say that $\phi$ is hull-consistent wrt. $B$ [9].

Note that in the constraint programming literature [12, 5, 8], the definition 
of hull-consistency usually assumes, that the according constraints have been 
decomposed into so-called primitive constraints. We do not follow this approach 
here, because that would blur the borderline between consistency properties and 
symbolic preprocessing of constraints. 

The following is the strongest form of consistency that does not result in loss 
of information, that is, for which an outer narrowing operator exists. 
Definition 4 For a bounded constraint $(\phi, B)$, $TC(\phi, B)$ holds iff there is no
box assignment $B'$ such that $B' \subset B$ and $[\![\phi]\!] \cap B' = [\![\phi]\!] \cap B$. In this case we
say that $\phi$ is tightly consistent wrt. $B$.

Now we can use consistency properties as specifications for the effectiveness 
of narrowing operators: 

Definition 5 Given a consistency property $C$, a narrowing operator $N$ ensures
$C$ iff for all bounded constraints $(\phi, B)$, $C(N(\phi, B))$ holds.

Now we assume a certain consistency property on literals (i.e., atomic
constraints and their negations) and lift it to a corresponding consistency property
on quantified constraints.

Definition 6 Given a quantified constraint $\phi$ and a consistency property $C$ on
literals, let C be the following predicate:

• if $\phi$ is a literal, then $C(\phi, B)$ iff $C(\phi, B)$

• if $\phi$ is of the form $\phi_1 \wedge \phi_2$ then $C(\phi, B)$ iff $C(\phi_1, B)$ and $C(\phi_2, B)$.

• if $\phi$ is of the form $\phi_1 \vee \phi_2$ then $C(\phi, B)$ iff $B = B_1 \uplus B_2$ where $C(\phi_1, B_1)$
and $C(\phi_2, B_2)$.

• if $\phi$ is of the form $Qy \in I'\; \phi'$, where $Q$ is a quantifier, then $C(\phi, B)$ iff
$C(\phi', B\frac{I'}{y})$.

Theorem 2 For a consistency property C, C is also a consistency property.

If for a bounded constraint $(\phi, B)$, $C(\phi, B)$ holds, we say that $(\phi, B)$ is
structurally C-consistent.

Note that, in the above definition, recursion for quantification puts the
quantifier bound into the free-variable bound of the quantified constraint. This means
that a narrowing operator will also have to modify the quantifier bounds in order
to achieve structural consistency.

Example 3 The bounded constraint $(\exists y \in [0, 1]\,[x^2 + y^2 < 1 \wedge y > 0], \{x \mapsto
[-1, 1], y \mapsto \cdot\})$ is structurally tightly consistent, and it will be the result of
applying an according narrowing operator to an input such as $(\exists y \in [-2, 2]\,[x^2 + y^2 <
1 \wedge y > 0], \{x \mapsto [-2, 2], y \mapsto \cdot\})$.

Note that Definition 6 is compatible with the usual consistency notions for
sets of constraints [8, 7]. For example a set of atomic constraints $\{\phi_1, \dots, \phi_n\}$ is
box-consistent wrt. a box assignment $B$ iff $(\phi_1 \wedge \dots \wedge \phi_n, B)$ is $BC$-consistent.
In addition, the method for solving constraints with one universally quantified
variable by Benhamou and Goualard [6] computes a special case of Definition 6.

In the following sense, our definition of C-consistency is optimal (remember 
that tight consistency is the strongest possible consistency property). 

Theorem 3 A TC-consistent bounded constraint $(\phi, B)$, where $\phi$ contains
neither conjunctions nor universal quantifiers, is TC-consistent.

Proof. We proceed by induction over the structure of constraints. The atomic
case trivially holds. Now assume constraints of the following types:

• For a TC-consistent bounded constraint of the form $(\phi_1 \vee \phi_2, B)$, by
definition, we have $B = B_1 \uplus B_2$ where $TC(\phi_1, B_1)$ and $TC(\phi_2, B_2)$. By the
induction hypothesis both $(\phi_1, B_1)$ and $(\phi_2, B_2)$ are tightly consistent. So
for no box assignment $B'_1 \subset B_1$, we have $B'_1 \supseteq B_1 \cap [\![\phi_1]\!]$ and for no
box assignment $B'_2 \subset B_2$, we have $B'_2 \supseteq B_2 \cap [\![\phi_2]\!]$. Thus also for no box
assignment $B' \subset B_1 \uplus B_2$, we have $B' \supseteq B \cap ([\![\phi_1]\!] \cup [\![\phi_2]\!]) = B \cap [\![\phi_1 \vee \phi_2]\!]$.

• For a TC-consistent bounded constraint of the form $(\exists y \in I'\; \phi', B)$, by
definition $TC(\phi', B\frac{I'}{y})$. Thus, by the induction hypothesis $(\phi', B\frac{I'}{y})$ is
tightly consistent. So for no box assignment $B'_p \subset B\frac{I'}{y}$, $B'_p \supseteq B\frac{I'}{y} \cap [\![\phi']\!]$.
As a consequence also for no box assignment $B_p \subset B$, $B_p \supseteq B \cap [\![\exists y \in I'\; \phi']\!]$,
and so $(\exists y \in I'\; \phi', B)$ is tightly consistent.


The fact that the above theorem does not hold for constraints with
conjunctions is well known [9]. It is illustrated in Figure 1, where both $\phi_1$ and $\phi_2$
are tightly consistent wrt. the box $B$ (i.e. the larger box encloses the ellipses
tightly), but $\phi_1 \wedge \phi_2$ is only tightly consistent wrt. the smaller box $B'$ (i.e., the
smaller, but not the larger box, encloses the intersection of the ellipses tightly).



Figure 1: Conjunction—Structural Tight Consistency 


For universal quantification there is a similar problem: In Figure 2, $\phi$ is
tightly consistent wrt. the box $B$, but when considering $\forall y \in I\; \phi$ one can still
narrow $B$ horizontally. So any stronger consistency notion would have to treat
universal quantification differently from existential quantification.



Figure 2: Universal Quantification—Structural Tight Consistency 








5 Pruning Algorithm 

In this section we give an algorithm for pruning quantified constraints that 
can use an arbitrary algorithm for pruning atomic constraints. This algorithm 
fulfills the formal properties introduced in Sections 3 and 4. 

The algorithm proceeds recursively according to the structure of constraints. 
For conjunctions this means the usual: We prune wrt. the individual
sub-constraints, until this does not result in any further improvements, that is, until
we reach a fix-point. For disjunctions we prune the individual sub-constraints 
and combine the result by taking the smallest box assignment containing the 
union. 

For existentially quantified bounded constraints of the form $(\exists x \in I\; \phi, B)$
we proceed as shown in Figure 3, where the horizontal axis represents the
free-variable bound $B$ (ignoring the component corresponding to the variable $x$)
and the vertical axis the quantifier bound $I$. Below and to the left of these
axes we show the changes on the corresponding elements. We recursively prune
the bounded sub-constraint $(\phi, B\frac{I}{x})$ consisting of the sub-constraint $\phi$, and the
box assignment that is the same as $B$ except that it assigns $I$ to the variable
$x$. We use the result to remove those elements from the free-variable bound $B$
and the quantifier bound $I$ for which recursive pruning showed that they do
not contain any solution. This results in the new free-variable bound $B'$ and
quantifier bound $B'(x)$.

Figure 3: Existential Pruning

For universally quantified bounded constraints of the form $(\forall x \in I\; \phi, B)$: if
pruning of the sub-constraints removes elements from $I$, the whole constraint is
false, and we can replace $B$ by the empty set (Figure 4). If no such elements
are removed then we just prune $B$ accordingly (Figure 5).

To formalize the above, we let fix be a partial function such that, for a set
of functions $\{f_1, \dots, f_n\}$, for all $a$, $\mathrm{fix}(\{f_1, \dots, f_n\})(a)$ is a fixpoint of applying
$\{f_1, \dots, f_n\}$ to $a$, if such a fixpoint exists, and is undefined, otherwise. Now we
have:

Figure 4: Universal Pruning

Figure 5: Universal Pruning

Definition 7

• For atomic $\phi$, $N_A(\phi, B) = A(\phi, B)$,

• $N_A(\phi_1 \wedge \phi_2, B) = \mathrm{fix}(\{N'_1, N'_2\})(\phi_1 \wedge \phi_2, B)$
where $N'_1(\phi_1 \wedge \phi_2, B) = (\phi'_1 \wedge \phi_2, B')$, where $(\phi'_1, B') = N_A(\phi_1, B)$,
and $N'_2(\phi_1 \wedge \phi_2, B) = (\phi_1 \wedge \phi'_2, B')$, where $(\phi'_2, B') = N_A(\phi_2, B)$.

• $N_A(\phi_1 \vee \phi_2, B) = (\phi'_1 \vee \phi'_2, B'_1 \uplus B'_2)$
where $(\phi'_1, B'_1) = N_A(\phi_1, B)$ and $(\phi'_2, B'_2) = N_A(\phi_2, B)$

• $N_A(\exists x \in I\; \phi, B) = (\exists x \in B'(x)\; \phi', B')$,
where $(\phi', B') = N_A(\phi, B\frac{I}{x})$

• $N_A(\forall x \in I\; \phi, B) = (\forall x \in I\; \phi', D)$,
where $(\phi', B') = N_A(\phi, B\frac{I}{x})$
and $d \in D$ iff for all $r \in I$, $d\frac{r}{x} \in B'$

Example 4 For the input $(\exists y \in [-2, 2]\,[x^2 + y^2 < 1 \wedge y > 0], \{x \mapsto [-2, 2], y \mapsto
\cdot\})$ already used in Example 3, a narrowing operator based on tight
consistency applies itself recursively to $(x^2 + y^2 < 1 \wedge y > 0, \{x \mapsto [-2, 2], y \mapsto
[-2, 2]\})$. Repeated applications of the atomic narrowing operator—until a
fixpoint is reached—will create the constraint $(x^2 + y^2 < 1 \wedge y > 0, \{x \mapsto [-1, 1], y \mapsto
[0, 1]\})$. As a final result we get $(\exists y \in [0, 1]\,[x^2 + y^2 < 1 \wedge y > 0], \{x \mapsto
[-1, 1], y \mapsto \cdot\})$.

Example 5 For the input $(\forall x \in [-2, 2]\; x > 0, \{x \mapsto \cdot\})$, the algorithm will first
narrow $(x > 0, \{x \mapsto [-2, 2]\})$ to $(x > 0, \{x \mapsto [0, 2]\})$ and then create $(\forall x \in
[-2, 2]\; x > 0, \emptyset)$, indicating that the constraint is false.
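Added example (not code from the paper): the rules of Definition 7 implemented in Python and applied to the inputs of Examples 4 and 5. The tuple encoding of constraints, the names `prune`, `narrow_atom` and `hull`, and the simple atomic narrowing operator (atoms limited to sums of k·v or k·v² bounded above by a constant, closed intervals, no outward rounding) are assumptions made for illustration.

```python
import math

INF = math.inf
FREE = (-INF, INF)   # bound of a variable the box assignment leaves arbitrary

def term_min(k, p, iv):
    """Lower bound of k * v**p (p is 1 or 2) for v in the closed interval iv."""
    lo, hi = iv
    if p == 2:
        sq = (lo * lo, hi * hi)
        lo, hi = (0.0 if lo <= 0.0 <= hi else min(sq)), max(sq)
    return min(k * lo, k * hi)

def narrow_atom(terms, c, box):
    """Assumed atomic narrowing operator A for sum(k * v**p) <= c (k nonzero).
    Returns the narrowed box, or None for the empty box assignment."""
    box = dict(box)
    changed = True
    while changed:
        changed = False
        mins = [term_min(k, p, box.get(v, FREE)) for k, v, p in terms]
        for i, (k, v, p) in enumerate(terms):
            # term i is at most c minus the smallest possible value of the other terms
            u = c - sum(m for j, m in enumerate(mins) if j != i)
            old = box.get(v, FREE)
            lo, hi = old
            if p == 1 and k > 0:
                hi = min(hi, u / k + 0.0)      # "+ 0.0" turns -0.0 into 0.0
            elif p == 1:
                lo = max(lo, u / k + 0.0)
            elif k > 0:                        # k * v**2 <= u
                if u < 0:
                    return None
                r = math.sqrt(u / k)
                lo, hi = max(lo, -r), min(hi, r)
            # k < 0 with p == 2 is non-convex; leaving it unnarrowed stays sound
            if lo > hi:
                return None
            if (lo, hi) != old:
                box[v] = (lo, hi)
                changed = True
    return box

def hull(b1, b2):
    """Smallest box assignment containing both arguments (None is the empty one)."""
    if b1 is None or b2 is None:
        return b1 if b2 is None else b2
    return {v: (min(b1[v][0], b2[v][0]), max(b1[v][1], b2[v][1])) for v in b1 if v in b2}

def prune(phi, box):
    """N_A of Definition 7. Returns (phi', B'); B' is None when everything was pruned."""
    if box is None:
        return phi, None
    kind = phi[0]
    if kind == "atom":
        return phi, narrow_atom(phi[1], phi[2], box)
    if kind == "and":                          # iterate both sub-pruners to a fixpoint
        a, b = phi[1], phi[2]
        while True:
            a2, mid = prune(a, box)
            b2, new = prune(b, mid)
            if new is None or (a2, b2, new) == (a, b, box):
                return ("and", a2, b2), new
            a, b, box = a2, b2, new
    if kind == "or":                           # prune each side on B, then take the hull
        a2, ba = prune(phi[1], box)
        b2, bb = prune(phi[2], box)
        return ("or", a2, b2), hull(ba, bb)
    _, x, bound, body = phi                    # quantifier: move its bound into the box
    body2, inner = prune(body, {**box, x: bound})
    if inner is None:
        return (kind, x, bound, body2), None
    if kind == "forall" and inner[x] != bound:
        return ("forall", x, bound, body2), None   # some value in the bound was refuted
    outer = {v: iv for v, iv in inner.items() if v != x}
    if x in box:
        outer[x] = box[x]                      # x is bound here: keep the enclosing entry
    new_bound = inner[x] if kind == "exists" else bound
    return (kind, x, new_bound, body2), outer

# Constructed inputs mirroring Examples 4 and 5; closed intervals cannot
# distinguish strict from non-strict inequalities, so atoms are non-strict.
DISC = ("atom", [(1, "x", 2), (1, "y", 2)], 1)     # x^2 + y^2 <= 1
Y_POS = ("atom", [(-1, "y", 1)], 0)                # y >= 0
X_POS = ("atom", [(-1, "x", 1)], 0)                # x >= 0
EXAMPLE_4 = ("exists", "y", (-2, 2), ("and", DISC, Y_POS))
EXAMPLE_5 = ("forall", "x", (-2, 2), X_POS)

if __name__ == "__main__":
    print(prune(EXAMPLE_4, {"x": (-2, 2)}))
    print(prune(EXAMPLE_5, {}))
```

A variable missing from the box dictionary plays the role of an arbitrary interval, which is why the quantified variable disappears from the free-variable bound in the result for Example 4.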

In the rest of this section we will use the results of Sections 3 and 4 for studying
the properties of the introduced pruning algorithm. Readers not interested in 
these formal properties can directly jump to Section 6 for an according solver. 

Note that the fixed-point operator fix could result in a partial function, that 
is, the algorithm could fail to terminate. For ensuring termination, we require 
that pruning atomic constraints eventually terminates even when intermingled 
with shrinking of the free-variable bound by other operations: 

Definition 8 A narrowing operator $N$ is finitely contracting iff there is no
infinite sequence $(\phi_1, B_1), (\phi_2, B_2), \dots$ for which for all $k \in \mathbb{N}$, for $(\phi', B') =
N(\phi_k, B_k)$, $\phi_{k+1} = \phi'$ and $B_{k+1}$ is a strict subset of $B'$.

This property usually holds for practical implementations, because of the 
finiteness of floating point numbers. 

Lemma 1 If $A$ is a finitely contracting narrowing operator then $N_A$ is a total
function.

Proof. We assume that $A$ is finitely contracting but $N_A$ is not total. This can
only happen if $\mathrm{fix}(\{N'_1, N'_2\})(\phi_1 \wedge \phi_2, B)$ is undefined. Consider the sequence
$(\phi_1^1 \wedge \phi_2^1, B^1), (\phi_1^2 \wedge \phi_2^2, B^2), \dots$ of bounded constraints created by repeated
applications of $N'_1$ and $N'_2$. Here $(\phi_1^1, B^1), (\phi_1^2, B^2), \dots$ is an infinite sequence as
in Definition 8. So $N_A$ is not finitely contracting, and by induction also $A$ is
not finitely contracting—a contradiction. ■

The algorithm fulfills the properties needed by the formal framework of 
narrowing operators and gives a unique result (despite the non-unique definition 
of fixpoint operator): 
Theorem 4 For every finitely contracting (atomic) outer narrowing operator
$A$, $N_A$ is a unique outer narrowing operator.

Proof. Contractance and idempotence hold by easy induction. For proving
that $N_A$ is outer narrowing, sound and monotonic we proceed by induction.
The ground case of atomic constraints holds by definition. Now we have:

• Obviously the composition of two narrowing operators is also a narrowing
operator. So, for constraints of the form $\phi_1 \wedge \phi_2$ we just need to show
that both $N'_1$ and $N'_2$ are outer narrowing. For $(\phi'_1, B'_1) = N_A(\phi_1, B)$ and
$(\phi'_2, B'_2) = N_A(\phi_2, B)$, by the induction hypothesis $B'_1 \supseteq B \cap [\![\phi_1]\!]$ and
$B'_2 \supseteq B \cap [\![\phi_2]\!]$. Thus also $B'_1 \cap B'_2 \supseteq B \cap [\![\phi_1]\!] \cap [\![\phi_2]\!] = B \cap [\![\phi_1 \wedge \phi_2]\!]$. The
induction step for soundness and monotonicity is easy.

• For constraints of the form $\phi_1 \vee \phi_2$, for $(\phi'_1, B'_1) = N_A(\phi_1, B)$ and $(\phi'_2, B'_2) =
N_A(\phi_2, B)$, by the induction hypothesis $B'_1 \supseteq B \cap [\![\phi_1]\!]$ and $B'_2 \supseteq B \cap [\![\phi_2]\!]$.
Thus also $B'_1 \uplus B'_2 \supseteq B'_1 \cup B'_2 \supseteq B \cap ([\![\phi_1]\!] \cup [\![\phi_2]\!]) = B \cap [\![\phi_1 \vee \phi_2]\!]$. The
induction step for soundness and monotonicity is easy.

• For constraints of the form $\exists x \in I\; \phi$ the induction step for outer
narrowing is easy. For soundness we have to prove that $[\![\exists x \in I\; \phi]\!] \cap B' = [\![\exists x \in
B'(x)\; \phi']\!] \cap B'$, where $(\phi', B') = N_A(\phi, B\frac{I}{x})$. Now by the outer narrowing
property $B' \supseteq B \cap [\![\phi]\!]$, and so $[\![\exists x \in I\; \phi]\!] \cap B' = [\![\exists x \in B'(x)\; \phi]\!] \cap B'$.
This is equal to $[\![\exists x \in B'(x)\; \phi']\!] \cap B'$, because by the induction hypothesis
$[\![\phi]\!] \cap B' = [\![\phi']\!] \cap B'$.

• For constraints of the form $\forall x \in I\; \phi$, for outer narrowing we have to prove
that $D \supseteq B \cap [\![\forall x \in I\; \phi]\!]$, where $D$ is defined as in the corresponding rule
of Definition 7. So we assume a variable assignment $d$ that is both in $B$
and $[\![\forall x \in I\; \phi]\!]$, and prove that $d \in D$. This means that we have to prove
that for all $r \in I$, $d\frac{r}{x} \in B'$, where $(\phi', B') = N_A(\phi, B\frac{I}{x})$. This is clearly
the case by the semantics of universal quantification and the induction
hypothesis.

For soundness we have to prove that $[\![\forall x \in I\; \phi]\!] \cap D = [\![\forall x \in I\; \phi']\!] \cap D$,
where $D$ is as above. By the quantifier semantics it suffices to prove that
$[\![\phi]\!] \cap D\frac{I}{x} = [\![\phi']\!] \cap D\frac{I}{x}$. This holds, because for all variable assignments
$d \in D$, for all $r \in I$, $d\frac{r}{x} \in B'$, and moreover, by the induction hypothesis
$[\![\phi]\!] \cap B' = [\![\phi']\!] \cap B'$.

The uniqueness of the fixpoint operator follows from contractance and
monotonicity of narrowing operators [16, 3]. ■

By easy induction we also get: 

Theorem 5 $N_A$ ensures A-consistency.

By applying Theorem 1 we get a corresponding inner narrowing operator
$\underline{N}_A$ from $N_A$. Note, however, that $N_A$ and $\underline{N}_A$ do not commute, and $N_A \circ \underline{N}_A$
is not idempotent.

As for the classical conjunctive case, the complexity of the algorithm in
a floating-point implementation is polynomial in the problem dimension (the
number of floating point numbers that one can remove from the quantification
bounds is polynomial). So, as desired, pruning is efficient compared to
expensive exhaustive search, and even more so compared to the doubly exponential
complexity of symbolic solvers [14, 11].

Note however, that the cardinality of the usual floating-point representations is
so high that, in addition, one should take care that the worst-case complexity
is not reached in practice.


6 Solver 

Now a branch-and-prune algorithm can do pruning according to Definition 7,
and branching means replacing sub-constraints of the form $\forall x \in I\; \phi$ by
$\forall x \in I_1\; \phi \wedge \forall x \in I_2\; \phi$, or sub-constraints of the form $\exists x \in I\; \phi$ by
$\exists x \in I_1\; \phi \vee \exists x \in I_2\; \phi$,
where $I = I_1 \cup I_2$. We assume branching to be fair, in the sense that every bound
will eventually be split (finding such a strategy is easy, but finding an optimal
branching strategy is highly non-trivial).

For disproving a closed constraint $\phi$ we repeatedly branch and prune the
input constraint $(\phi, T)$ until T is pruned to F (remember that F is an
abbreviation for the empty box assignment). For proving we do the same on the opposite
of $\phi$. For computing the truth-value we do both things in parallel.

A solver for open quantified constraints could for example use the following 
specification: 

Given: 

• A quantified constraint $\phi$ with $n$ free variables,

• $B \subseteq \mathbb{R}^n$,

• $\varepsilon \in \mathbb{R}^+$

Find: Sets of boxes $Y$, $N$ s.t.

• all elements of $Y$ are in the solution set of $\phi$,

• all elements of $N$ are not in the solution set of $\phi$,

• $\mathrm{Vol}(B \setminus \bigcup Y \setminus \bigcup N) < \varepsilon$

This specification allows the user to decide on the trade-off between run-time
and precision. When choosing a large $\varepsilon$, only a small part of the solution set of
$\phi$ within $B$ will be characterized by $Y$ and $N$; when choosing an $\varepsilon$ close to zero,
almost the whole set will be characterized.

An according solver is an easy extension of the closed case that would record
the boxes that narrowing of the input constraint proved to be not in the solution
set, and narrowing of the opposite of the input constraint proved to be in the
solution set. Furthermore, in addition to branching the quantified variables it
also has to branch the free-variable bound. We call the resulting algorithm a
parallel branch-and-prune solver.

For discussing termination of such a branch-and-prune solver it is important
to see that the problem of computing truth-values is undecidable. So it is
impossible to find an algorithm that always terminates. A solution to this
problem is to require termination for all, except very special cases.

For this we observe that the truth-value/solution set of a quantified
constraint can be numerically unstable [44]. An example is the quantified
constraint $\exists x \in [-1, 1]\; -x^2 \ge 0$ which is true, but becomes false under arbitrarily
small positive perturbations of the constant 0. As a consequence, it is not
possible to design an algorithm based on approximation that will always
terminate (with a correct result). Note that this situation is similar for most
computational problems of continuous mathematics (e.g., solving linear
equations, solving differential equations). However, as in these cases, most inputs
are still numerically stable (in fact, in a certain, realistic model this is the case
with probability one [40]). One can even argue that, philosophically speaking,
the stable problems are exactly the problems that model real-life problems in a
meaningful way.

It is beyond the scope of this paper to present all the formal details for
characterizing stable quantified constraints and we will introduce the necessary
concepts in a semi-formal way. For this we replace the discrete notion of truth
of a quantified constraint by a continuous notion [44]. We interpret universal
quantifiers as infimum operators, existential quantifiers as supremum operators,
conjunction as minimum, disjunction as maximum, atomic constraints of the
form $f \ge g$ or $f > g$ as the function denoted by $f - g$, and atomic constraints
of the form $f \le g$ or $f < g$ as the function denoted by $g - f$. We call the
result the degree of truth of a quantified constraint and denote it by $[\![\phi]\!]^\circ$ for
any constraint $\phi$. This function assigns to every variable assignment a real value
that is independent of the variables that are not free in $\phi$. The idea is that the
degree of truth is greater or equal zero for variable assignments that make $\phi$
true, and less or equal zero for variable assignments that make $\phi$ false. One can
prove [44] that the problem of computing the truth value of a closed quantified
constraint is numerically stable (or: stable) iff its degree of truth is non-zero.

We assume that the given narrowing operator for atomic constraints
eventually succeeds for stable inputs:

Definition 9 An outer narrowing operator $A$ is converging iff for all atomic
constraints $\phi$ and sequences $B^0 \supseteq B^1 \supseteq \ldots$ such that

• for all $i \in \mathbb{N}$, $B^i \supseteq B^{i+1}$,

• and $\bigcap_{i \in \mathbb{N}} B^i = \{d\}$, where the degree of truth of $\phi$ at the variable
assignment $d$ is negative,

there is a $k$, such that for all $l > k$, the free-variable bound of $A(\phi, B^l)$ is empty.

Note that this trivially holds for tight consistency. For hull and box
consistency it is necessary that the number of bits used in floating point computation
is high enough for a given sequence of boxes. For box consistency, in addition,
interval evaluation has to converge for all atomic constraints. This is the case
if they only contain continuous functions such as $+$, $\times$, $\exp$, and $\sin$, on which
we can implement interval evaluation (see Theorem 2.2 [27]).

However, the above property is in general impossible to fulfill for any
narrowing operator based on fixed-precision floating-point arithmetic. Still, one
can easily overcome this difficulty, by using sufficient precision [47] (see
Theorem 2.1.5 [37]). Moreover, the application of our method to real-life problems
has shown that usual double-precision floating-point arithmetic almost always
suffices in practice.

Lemma 2 Let $A$ be a converging outer narrowing operator and let the sequence
$(\phi^1, B^1), (\phi^2, B^2), \ldots$ be such that

• for all $i \in \mathbb{N}$, $B^i \supseteq B^{i+1}$, and

• $\bigcap_{i \in \mathbb{N}} B^i = \{d\}$ such that the degree of truth of $\phi^1$ at the variable assignment
$d$ is negative,

• for all $i \in \mathbb{N}$, $\phi^{i+1}$ results from $\phi^i$ by branching, and

• for all $\varepsilon > 0$ there is a $k$ such that for all $l > k$, the volume of all
quantification sets in $\phi^l$ is less or equal $\varepsilon$.³

Then there is a $k$ such that for all $l > k$, the free-variable bound of $N_A(\phi^l, B^l)$
is empty.

Proof. We proceed by induction over the structure of the constraint $\phi^1$. For
atomic constraints the lemma holds because $A$ is converging. Now consider the
following cases:

• For constraints of the form $\phi_1 \wedge \phi_2$,
$[\![\phi_1 \wedge \phi_2]\!]^\circ(d) = \min\{[\![\phi_1]\!]^\circ(d), [\![\phi_2]\!]^\circ(d)\}$
being negative implies that either $[\![\phi_1]\!]^\circ(d)$ is negative or $[\![\phi_2]\!]^\circ(d)$ is
negative. Therefore at least one of the sequences $(\phi_1^1, B^1), (\phi_1^2, B^2), \ldots$ and
$(\phi_2^1, B^1), (\phi_2^2, B^2), \ldots$, where $\phi_1^i$ is the sub-constraint of $\phi^i$ corresponding
to $\phi_1$ and $\phi_2^i$ is the sub-constraint of $\phi^i$ corresponding to $\phi_2$, fulfills the
preconditions of the induction hypothesis. Let $r \in \{1, 2\}$ be the number
of this sequence. Then there is a $k$, such that for all $l > k$, the
free-variable bound of $N_A(\phi_r^l, B^l)$ is empty. Thus, by definition of $N_A$, the
corresponding free-variable bound is also empty in the original sequence.

• For constraints of the form $\phi_1 \vee \phi_2$,
$[\![\phi_1 \vee \phi_2]\!]^\circ(d) = \max\{[\![\phi_1]\!]^\circ(d), [\![\phi_2]\!]^\circ(d)\}$
being negative implies that both $[\![\phi_1]\!]^\circ(d)$ and $[\![\phi_2]\!]^\circ(d)$ are negative.
Therefore both sequences $(\phi_1^1, B^1), (\phi_1^2, B^2), \ldots$ and $(\phi_2^1, B^1), (\phi_2^2, B^2), \ldots$, where
$\phi_1^i$ is the sub-constraint of $\phi^i$ corresponding to $\phi_1$ and $\phi_2^i$ is the
sub-constraint of $\phi^i$ corresponding to $\phi_2$, fulfill the preconditions of the
induction hypothesis. As a consequence there is a $k_1$, such that for all $l > k_1$,
the free-variable bound of $N_A(\phi_1^l, B^l)$ is empty, and there is a $k_2$, such
that for all $l > k_2$, the free-variable bound of $N_A(\phi_2^l, B^l)$ is empty. Thus,
by definition of $N_A$, for all $l > \max\{k_1, k_2\}$ the free-variable bound of the
$l$-th element in the original sequence is empty.

• Constraints of the form $\forall x \in I\; \phi'$ are replaced by branching into the form
$\forall x \in I_1\; \phi' \wedge \ldots \wedge \forall x \in I_k\; \phi'$. Since the degree of truth of $\forall x \in I\; \phi'$
at $d$ is negative, by definition of infimum, there is a $b \in I$ for which the
degree of truth of $\phi'$ at $d \times b$ is negative. Consider the sequence for which
the $i$-th element consists of the branch of $\phi^i$ that contains $d \times b$, and of
$B^i$. This sequence fulfills the preconditions of the induction hypothesis,
and as a consequence there is a $k$, such that for all $l > k$, the $l$-th
free-variable bound in this sequence is empty. Thus, by definition of $N_A$, the
corresponding free-variable bound is also empty in the original sequence.

• Constraints of the form $\exists x \in I\; \phi'$ are replaced by branching into the form
$\exists x \in I_1\; \phi' \vee \ldots \vee \exists x \in I_k\; \phi'$. Since the degree of truth of $\exists x \in I\; \phi'$ at $d$
is negative, by definition of supremum, for all $b \in I$ the degree of truth of
$\phi'$ at $d \times b$ is negative. This means that each sequence for which the $i$-th
element consists of a branch of $\phi^i$ and of $B^i$ fulfills the preconditions of
the induction hypothesis, and as a consequence there is a $k$, such that for
all $l > k$, the $l$-th free-variable bound in this sequence is empty. Thus, by
definition of $N_A$, the corresponding free-variable bound is also empty in
the original sequence.

³ This item formalizes the notion of a fair branching strategy.


This implies: 

Lemma 3 A branch-and-prune algorithm for disproving a closed constraint 
succeeds iff the degree of truth of the input is negative. 

From Lemma 3 and its dual version we get: 

Theorem 6 For stable inputs a parallel branch-and-prune solver eventually
computes the truth value for closed inputs, and fulfills the above solver
specification for open inputs.
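
The following Python code is an added example, not the paper's solver: it encloses the degree of truth by naive interval evaluation instead of the narrowing operator $N_A$, bisects every quantifier bound uniformly as its fair branching strategy, and uses plain floating-point arithmetic without outward rounding. It decides stable closed inputs, gives up on the unstable one, and computes the sets $Y$ and $N$ of the solver specification; all names (`Iv`, `degree`, `solve_closed`, `solve_open`) and the sample bounds are assumptions of this example.

```python
class Iv:
    """Closed interval [lo, hi] (plain floats, no outward rounding: assumption)."""
    def __init__(self, lo, hi=None):
        self.lo, self.hi = lo, lo if hi is None else hi
    @staticmethod
    def of(v):
        return v if isinstance(v, Iv) else Iv(v)
    def __add__(self, o):
        o = Iv.of(o)
        return Iv(self.lo + o.lo, self.hi + o.hi)
    __radd__ = __add__
    def __neg__(self):
        return Iv(-self.hi, -self.lo)
    def __sub__(self, o):
        return self + (-Iv.of(o))
    def __rsub__(self, o):
        return Iv.of(o) + (-self)
    def __mul__(self, o):
        o = Iv.of(o)
        p = [a * b for a in (self.lo, self.hi) for b in (o.lo, o.hi)]
        return Iv(min(p), max(p))
    __rmul__ = __mul__
    def split(self, k):
        """Cut the interval into 2**k pieces of equal width."""
        n = 2 ** k
        pts = [self.lo + i * (self.hi - self.lo) / n for i in range(n)] + [self.hi]
        return [Iv(a, b) for a, b in zip(pts, pts[1:])]

# Constraint constructors (hypothetical names). ge0(f) is the atom f >= 0,
# whose degree of truth is f itself; f maps {variable: Iv} to an Iv.
def ge0(f): return ("atom", f)
def AND(*cs): return ("and", cs)
def OR(*cs): return ("or", cs)
def forall(x, lo, hi, c): return ("forall", x, Iv(lo, hi), c)
def exists(x, lo, hi, c): return ("exists", x, Iv(lo, hi), c)

def degree(c, box, k):
    """Enclosure of the range of the degree of truth of c over `box`,
    with every quantifier bound cut into 2**k pieces."""
    kind = c[0]
    if kind == "atom":
        return Iv.of(c[1](box))
    if kind in ("and", "or"):
        parts = [degree(s, box, k) for s in c[1]]
    else:
        _, x, bound, body = c
        parts = [degree(body, {**box, x: p}, k) for p in bound.split(k)]
    pick = min if kind in ("and", "forall") else max   # inf/min versus sup/max
    return Iv(pick(p.lo for p in parts), pick(p.hi for p in parts))

def solve_closed(c, max_k=10):
    """Truth value once the enclosure excludes 0; None when the budget runs
    out, which always happens for unstable inputs (degree of truth 0)."""
    for k in range(max_k + 1):
        d = degree(c, {}, k)
        if d.lo > 0:
            return True
        if d.hi < 0:
            return False
    return None

def vol(box):
    v = 1.0
    for iv in box.values():
        v *= iv.hi - iv.lo
    return v

def solve_open(c, box, eps):
    """Boxes Y (true), N (false) and the unknown rest U with Vol(U) <= eps."""
    Y, N, U = [], [], [(box, 0)]
    while sum(vol(b) for b, _ in U) > eps:
        i = max(range(len(U)), key=lambda j: vol(U[j][0]))
        b, k = U.pop(i)                       # largest unknown box first
        d = degree(c, b, k)
        if d.lo > 0:
            Y.append(b)
        elif d.hi < 0:
            N.append(b)
        else:                                 # branch the free-variable bound
            x = max(b, key=lambda v: b[v].hi - b[v].lo)
            U += [({**b, x: half}, k + 1) for half in b[x].split(1)]
    return Y, N, [b for b, _ in U]

# Constructed inputs; the bound [-2, 2] is an assumption of this example.
STABLE = forall("x", -2, 2, ge0(lambda e: e["x"] * e["x"] + 1))
UNSTABLE = exists("x", -1, 1, ge0(lambda e: -(e["x"] * e["x"])))
DISC = ge0(lambda e: 1 - e["x"] * e["x"] - e["y"] * e["y"])
PROJ = exists("y", -2, 2, DISC)               # projection of the disc onto x
```

`solve_closed(UNSTABLE)` returns `None` for every budget, because each enclosure of the degree of truth has upper bound exactly 0; perturbing the constant by 0.01 in either direction makes the same call terminate.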

7 Efficient Implementation 

In this section we show how to extend the basic solver for allowing an efficient 
implementation. 

7.1 Connectives with Arbitrary Arity 

The first step for arriving at an efficient implementation, is to treat conjunctions 
and disjunctions not as binary operators, but as operators with arbitrary arity 
(see Definition 7). It is easy to adapt the according algorithms and proofs. 

7.2 Quantifier Blocks 

Treat quantifiers of the same kind in blocks. That is, quantify over a whole 
vector of variables at once, using quantifier bounds that are boxes instead of 
intervals. This allows more flexibility for branching. 

7.3 Removing Empty Disjunctive Branches 

Pruning might show that one of the branches of a disjunction has an empty
solution set. Currently (see Definition 7) this information is forgotten. In order
to prevent this we simply remove the corresponding sub-constraint in such a
case.

7.4 Combination with Negated Constraint

The parallel branch-and-prune solver developed in Section 6 independently
works on proving and disproving the input constraint. For proving, it employs
a branch-and-prune procedure on the negation of the input, for disproving, on
the input itself. Working on the input and its negation separately has the
disadvantage that information computed for one is not used for the other. In order
to improve this, we do both on the same constraint, repeatedly negating it in
between. The result is Algorithm 1 for closed constraints and Algorithm 2 for
open constraints. Here “Branch” and “Prune” do the obvious, except that in
the second algorithm “Branch” takes a bounded constraint and returns a set of
bounded constraints that either

• contains two elements whose union of bounds is equal to the input bound, 
or 

• contains one element with a quantifier split into a conjunction (in the case 
of a universal quantifier), or a disjunction (in the case of an existential 
quantifier). 


Algorithm 1 Combined Solver for Closed Constraints
Input: a closed quantified constraint φ
Output: the truth-value of φ

    unknown ← T
    while unknown do
        neg ← T
        φ′ ← F
        (¬φ, unknown) ← Prune(¬φ, unknown)
        while unknown and φ ≠ φ′ do
            φ′ ← φ
            neg ← not neg
            if neg then
                (¬φ, unknown) ← Prune(¬φ, unknown)
            else
                (φ, unknown) ← Prune(φ, unknown)
            end if
        end while
        if unknown then
            φ ← Branch(φ)
        end if
    end while
    return neg


Theorem 7 Algorithms 1 and 2 are correct and terminate for stable inputs. 

Proof. We just show the proof for Algorithm 1, the other case is similar. 

If neg is false at the return statement, then pruning succeeded for $\phi$, and so
it is false. Otherwise, neg is true and so pruning succeeded for $\neg\phi$ and $\phi$ is true.

The innermost while loop always terminates because there are only finitely
many floating point numbers, and so the narrowing operator can only do finitely
many changes after which $\phi = \phi'$. Termination of the overall loop again is a
consequence of Lemma 2. ■


Algorithm 2 Combined Solver for Open Constraints
Input: a quantified constraint φ, a box B, and a positive real number ε
Output: Y, a list of boxes on which φ is true, and N, a list of boxes on which
φ is false, such that the volume of B \ ⋃Y \ ⋃N is less than ε.

    U ← {(φ, B)}
    Y ← ∅
    N ← ∅
    while Vol(⋃U) > ε do
        choose and remove a bounded constraint (φ_U, B_U) from U
        neg ← T
        (φ′_U, B′_U) ← (φ_U, B_U)
        (¬φ_U, B_U) ← Prune(¬φ_U, B_U)
        Y ← Y ∪ B′_U \ B_U
        while B_U is non-empty and (φ_U, B_U) ≠ (φ′_U, B′_U) do
            (φ′_U, B′_U) ← (φ_U, B_U)
            neg ← not neg
            if neg then
                (¬φ_U, B_U) ← Prune(¬φ_U, B_U)
                Y ← Y ∪ B′_U \ B_U
            else
                (φ_U, B_U) ← Prune(φ_U, B_U)
                N ← N ∪ B′_U \ B_U
            end if
        end while
        if Vol(⋃U) > ε then
            U ← U ∪ Branch(φ_U, B_U)
        end if
    end while


7.5 Branching Strategy 

For arriving at an implementation, a good strategy for choosing a (free-variable 
or quantification) bound for branching is crucial. We did not yet try to arrive 
at a theoretically well-founded or even optimal strategy. However, the following 
approach seems to work well in practice: 

In Algorithm 2, for every element of the set $U$ we store the level of the
last splitting done (viewing constraints as trees), and for each conjunction or
disjunction (of the original constraint, not the ones created by branching) the
last branched sub-constraint. We choose the bounded constraint $(\phi_U, B_U)$ with
largest $B_U$ and branch a sub-constraint

• that is one level below the last splitting, or (if this is impossible) on the 
highest level, 

• with the maximum volume of the quantifier bound for conjunctions or 
disjunctions created by branching, which is 


• the next sub-constraint for all other conjunctions and disjunctions. 

7.6 Incremental Disjunctive Pruning 

The disjunctive case in Definition 7 has the disadvantage that it stores the
intermediate results of narrowing all sub-constraints until computing the box
union of all of them. We can avoid this by using an incremental algorithm
instead that intermingles the recursive calls with taking the box union of the
result.

7.7 Shortcut for Disjunctions 

When doing incremental pruning of disjunctions we might detect that the result 
will be the input box, before inspecting all sub-constraints. We can leave the 
according loop already at this point. 

7.8 Reusing Dual Information 

Sometimes an atomic narrowing operator computes the information that
narrowing the negation will fail. For example, assume that a bound $[-2, 2]$ of a
univariate atomic constraint has been pruned to $[-1, 1]$. For many narrowing
operators this implies that the constraint does not hold on $-1$ and $1$. Therefore,
we cannot use the opposite constraint to prune $[-1, 1]$ further.

In the case of box consistency, which we use in our implementation, one
works on atomic constraints one variable after the other. For each atomic
sub-constraint/variable pair we can get the information that pruning or pruning on
the opposite will not succeed, that is that this sub-constraint or its opposite is
consistent. We store this information by assigning to each atomic sub-constraint
two sets of variables (the mark and the opposite mark). Furthermore, in order
to reflect the situation for box consistency we assume that consistency also takes
into account variables.

Definition 10 We call a bounded constraint $(\phi, B)$ correctly marked iff for
every atomic sub-constraint $\phi'$ of $\phi$, every box assignment $B'$ that results from
$B$ by replacing all variables of $B$ bounded by $\phi$ by these bounds, and every
variable $v$ in the mark of $\phi'$, $(\phi', B', v)$ is consistent.

Sometimes we change the bound of a variable. In this case some of the marks
might not stay valid. For example, take a constraint of the form
$\exists x \in I_x\; \exists y \in I_y\; [\phi_1 \wedge \phi_2]$, where $\phi_1$ is an atomic constraint that contains both variables $x$
and $y$, but $\phi_2$ is an atomic constraint that only contains $y$. After pruning, the
marks and opposite marks of both $\phi_1$ and $\phi_2$ can be set to $\{x, y\}$, indicating
that no further pruning is possible. After branching the quantifier of $y$ we have
to remove the marks of both copies of $\phi_1$, but we can keep the marks of the
copies of $\phi_2$ since $\phi_2$ contains no variable affected by the branching. Therefore,
further pruning will know that calls to the atomic narrowing operator of $\phi_2$ are
not necessary.

So denote by $\mathrm{Notify}(\phi, V)$ the result of replacing all marks of sub-constraints
that contain variables in $V$ by the empty set.

Lemma 4 For every bounded constraint $(\phi, B)$ that is correctly marked, and for every
box $B'$ such that for all $v \notin V$, $B'(v) = B(v)$, $(\mathrm{Notify}(\phi, V), B')$ is correctly
marked.

Proof. All sub-constraints of $\mathrm{Notify}(\phi, V)$ that contain $V$ have empty marks
and Definition 10 requires nothing from them. For all bounded sub-constraints
that do not contain $V$, the corresponding bound inherited from $B$ is the same as
the one from $B'$, and therefore one does not have to change the corresponding
marks. ■


Definition 11 A narrowing operator preserves marks iff after applying it to a 
bounded constraint that is correctly marked the result is again correctly marked. 

We assume that we have an atomic narrowing operator that preserves marks 
and opposite marks. Of course this can be easily done by always setting the 
marks to the empty set. But, in our implementation, we will try to set them as 
large as possible. 

Now, whenever applying the narrowing operator on atomic constraint/variable
pairs we check the marks before. For more complicated constraints we have to
adapt the narrowing operator of Definition 7 such that it updates the marks
accordingly. This means that for disjunctions, if the box union is different from
the boxes resulting from narrowing the individual constraints, then we have to
do notification on it. In a similar way, for conjunctions, when computing the
fixpoint, every time narrowing succeeds for a sub-constraint, we have to do
notification for all other sub-constraints. Clearly, by Lemma 4 the adapted
narrowing operator preserves marks and opposite marks.

Also for branching we have to do according notification for the changed 
variables. When using adapted branching and pruning in Algorithms 1 and 2, 
we set all marks to the empty set at the beginning and preserve marks and 
opposite marks throughout. 

Clearly the resulting solver makes fewer calls to the narrowing operator for
projection constraints than the original one. Furthermore this also gives an
improvement for the case of unquantified constraints for which the solution set
does not consist of finitely many, isolated solutions.
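
How marks and Notify save calls to the atomic narrowing operator can be seen in the following Python code, an added example that is not the paper's implementation: it assumes linear atomic constraints with simple bound propagation in place of the box-consistency operator [25], handles only conjunctions, and tracks marks but not opposite marks. The names `Linear`, `notify`, `prune_and` and `sample`, and the sample constraints, are constructed for this example.

```python
class Linear:
    """Atomic constraint sum(coef[v] * v) <= rhs, carrying its mark set."""
    def __init__(self, coef, rhs):
        self.coef, self.rhs, self.mark = coef, rhs, set()

    def narrow(self, box, v):
        """Tightest bound on v implied by the constraint on `box`;
        None if no value of v is left."""
        rest = sum(min(a * box[u][0], a * box[u][1])
                   for u, a in self.coef.items() if u != v)
        lo, hi = box[v]
        limit = (self.rhs - rest) / self.coef[v]
        if self.coef[v] > 0:
            hi = min(hi, limit)
        else:
            lo = max(lo, limit)
        return (lo, hi) if lo <= hi else None

def notify(constraints, changed, skip=None):
    """Notify(phi, V): empty the marks of every sub-constraint (other than
    `skip`) that contains a variable in V."""
    for c in constraints:
        if c is not skip and c.coef.keys() & changed:
            c.mark.clear()

def prune_and(constraints, box, reuse=True):
    """Fixpoint narrowing of a conjunction. Returns (box or None, hits),
    where hits counts calls to the atomic narrowing operator."""
    for c in constraints:
        c.mark.clear()                  # all marks start empty
    hits, progress = 0, True
    while progress:
        progress = False
        for c in constraints:
            for v in c.coef:
                if reuse and v in c.mark:
                    continue            # (c, box, v) known consistent: no call
                hits += 1
                new = c.narrow(box, v)
                if new is None:
                    return None, hits
                c.mark.add(v)           # narrowing on v cannot succeed again
                if new != box[v]:
                    box = {**box, v: new}
                    notify(constraints, {v}, skip=c)
                    progress = True
    return box, hits

def sample():
    """Constructed conjunction: x <= y, y <= z, z <= 1, w <= 5."""
    return [Linear({"x": 1, "y": -1}, 0), Linear({"y": 1, "z": -1}, 0),
            Linear({"z": 1}, 1), Linear({"w": 1}, 5)]
```

On the box $[0, 10]^4$ both variants reach the same fixpoint; without marks the loop makes 24 calls to `narrow`, with marks it makes 10, and the unquantified constraint `w <= 5` is narrowed only once.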

8 Timings 

We have implemented the algorithm described in this paper using as the atomic
narrowing operator an algorithm [25] that computes something similar to box
consistency. In Table 1 we compare this implementation
with an implementation of the older algorithm using “cylindrical box
decomposition” [41], which used the same atomic narrowing operator. Here the
heading “0.1 old” refers to running the older algorithm until it leaves not more
than a fraction of 1/10 of the solution space unknown, the heading “first” refers
to running the current algorithm till it finds the first true box, and the heading
“0.1” refers to running the current algorithm in the same way as the older one.

Columns headed by “Time” list the time in seconds needed to solve the
problem, where ε means less than a second and ∞ more than 10 minutes; columns
headed by “Hits” list the number of calls to the atomic narrowing operator
for the new algorithms (this is a good efficiency measure because it ignores
implementation details, and because atomic narrowing takes the largest part of
the overall runtime); and columns headed by “Boxes” list the total number of
boxes created (true, false, and unknown boxes).

Examples starting with McCallum are from computational geometry [35],
asking the question whether there exists a solution to a given system of
inequalities. The example “circle” simply computes a description of the unit
disc $x^2 + y^2 < 1$, “silaghi” is a system of inequalities describing the geometry
of a simple mechanical problem [52], the example “anderson2” is a system of
polynomial inequalities from control engineering [2, 1, 23], the example
“anderson2_proj” computes the projection of the former into two-dimensional space,
the example “termination” proves the termination of a certain term-rewrite
system [15]. All examples starting with “robust” are taken from robust
control [19, 22, 33, 20, 28, 26] and laid out on a web-site [39].

For all examples we push quantifiers inside as much as possible by
transforming $\forall(\phi_1 \wedge \phi_2)$ to $(\forall\phi_1) \wedge (\forall\phi_2)$ and the dual for existential quantification.

Furthermore, in the few cases where no quantification bounds were available,
we introduced new, very large ones.


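| Example | 0.1 old: Time | 0.1 old: Boxes | first: Time | first: Hits | first: Boxes | 0.1: Time | 0.1: Hits | 0.1: Boxes |
|---|---|---|---|---|---|---|---|---|
| McCallum_2_1 | ε | | ε | 22 | | ε | 22 | |
| McCallum_2_2 | ε | | ε | 157 | | ε | 157 | |
| McCallum_2_3 | ε | | ε | 2854 | | ε | 2854 | |
| McCallum_2_4 | ε | | ε | 153 | | ε | 153 | |
| anderson2 | ε | 391 | 10.95 | 150343 | 575 | ε | 3372 | 250 |
| anderson2_proj | 16.81 | 3466 | ε | 1129 | 21 | 2.69 | 21058 | 620 |
| circle | ε | 42 | ε | 19 | 10 | ε | 60 | 26 |
| robust-1 | ε | 23 | ε | 13 | 3 | ε | 121 | 16 |
| robust-2 | ∞ | | 90.74 | 663011 | 1266 | ∞ | ∞ | |
| robust-3 | ∞ | | ε | 344 | 5 | ε | 936 | 9 |
| robust-5 | ∞ | | ε | 376 | 11 | ∞ | ∞ | |
| robust-6 | 5.4 | 112 | ε | 34 | 3 | 256.14 | 564326 | 4309 |
| silaghi1 | ε | 19 | ε | 25 | 6 | ε | 25 | 6 |
| termination | ∞ | | ε | 90 | | ε | 90 | |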

Table 1: Comparison with Cylindrical Box Decomposition 


As one can see, except for the example “robust-6” the number of generated 
boxes is much smaller for the new algorithm. For the examples where it is 
possible to make a clear comparison of the run-times, the new algorithm is also 
faster (again with the exception of “robust-6”). An analysis of the behavior 
for the outlier “robust-6” shows that in this case our branching heuristics do 
not work very well—alternative heuristics show a much better behavior. This 
suggests that a detailed study of such heuristics—expanding results for a simpler 
branch-and-bound approach [45] can still result in large improvements of the 
method. 

In Table 2 we show the results of some of the algorithm improvements
introduced in Section 7. We chose those that need a non-trivial implementation
effort or those for which it is not totally clear that they improve the efficiency
of the algorithm. These are the ones described in Section 7.7 and Section 7.8.


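| Example | no reuse/no sh.cut: Time | no reuse/no sh.cut: Hits | no reuse/sh.cut: Time | no reuse/sh.cut: Hits | reuse/no sh.cut: Time | reuse/no sh.cut: Hits | reuse/sh.cut: Time | reuse/sh.cut: Hits |
|---|---|---|---|---|---|---|---|---|
| McCallum_2_1 | ε | 22 | ε | 22 | ε | 22 | ε | 22 |
| McCallum_2_2 | ε | 182 | ε | 169 | ε | 150 | ε | 157 |
| McCallum_2_3 | ε | 10059 | ε | 3005 | ε | 3760 | ε | 2854 |
| McCallum_2_4 | ε | 163 | ε | 165 | ε | 138 | ε | 153 |
| anderson2 | ε | 4034 | ε | 4251 | ε | 2964 | ε | 3372 |
| anderson2_proj | 8.49 | 78985 | 8.54 | 65401 | 7.57 | 55443 | 7.54 | 55244 |
| circle | ε | 95 | ε | 95 | ε | 60 | ε | 60 |
| robust-1 | ε | 138 | ε | 139 | ε | 116 | ε | 121 |
| robust-2 | ∞ | ∞ | ∞ | ∞ | ∞ | ∞ | ∞ | ∞ |
| robust-3 | ε | 1623 | ε | 1115 | ε | 1003 | ε | 936 |
| robust-5 | ∞ | ∞ | ∞ | ∞ | ∞ | ∞ | ∞ | ∞ |
| robust-6 | 147.89 | 637216 | 285.52 | 702734 | 69.8 | 255163 | 256.14 | 564326 |
| silaghi1 | ε | 31 | ε | 27 | ε | 27 | ε | 25 |
| termination | ε | 282 | ε | 102 | ε | 156 | ε | 90 |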

Table 2: Comparison of Improvements 


One can conclude that reusing dual information (Section 7.8) always
improves the algorithm, sometimes significantly. This phenomenon also occurs for
examples that do not contain any quantifiers. On the other hand, for taking
shortcuts for disjunctions (Section 7.7), the influence on efficiency is
inconclusive, especially when combined with the former improvement.

Note that often one can get even better run-times by symbolically eliminating 
linearly quantified variables before [59, 31]. Unfortunately, in some cases the 
result can be very large, destroying the positive effect of the eliminated variable. 
Future work will investigate this behavior in detail. 


9 Relation to Classical Algorithms 

A. Tarski [53] showed that quantified constraints over the reals with equality
and inequality predicates, multiplication and addition admit quantifier
elimination. Adding additional function symbols (e.g., sin, tan), usually removes this
property [48, 54, 32]. Using the method in this paper one can still compute
useful information for these cases, provided that the input is numerically stable.

The complexity bound supplied by Tarski’s method has been improved
several times [14, 46, 4], but the problem is inherently doubly exponential [18, 59]
in the number of quantifier alternations, and exponential in the number of
variables.

The only general algorithm for which a practically useful implementation
exists, is the method of quantifier elimination by cylindrical algebraic
decomposition [14]. This algorithm employs similar branching as the algorithm presented
in this paper. However, its branching operation is much more complicated
because it branches into a finite set of truth-invariant cells, that is, into pieces
whose value can be computed by evaluation on a single sample point. For
being able to do this, its quantifier bounds can depend on the free variables,
and branching is done based on information from projection polynomials. For
implementing these operations one needs expensive real algebraic number
computations.

Instead of branching, quantifier elimination by partial cylindrical algebraic
decomposition [15] employs pruning in a similar sense as described in this
paper. However it still decomposes into truth-invariant cells, which again needs
expensive computation of projection polynomials, and real algebraic numbers.

In contrast to this, the narrowing operator provided in this paper is cheap, 
and can do pruning in polynomial time. As a result, we have a clear separation 
between polynomial time pruning, and exponential branching. So we have a way 
of working around the high worst-case complexity of the problem, whenever a 
small amount of branching is necessary. 

For inputs with free variables all of these algorithms produce symbolic output 
that is equivalent to the input, but quantifier-free. This output can be huge. 
In many applications, such output is only considered a transformation of the 
problem, but not a solution. In contrast to this, our algorithm produces explicit 
numerical output, that one can directly visualize for dimensions less than three. 


10 Conclusion 

In this paper we have provided an algorithm for solving quantified inequality
constraints over the reals. Although this is an undecidable problem, the
algorithm terminates for all, except pathological (i.e., unstable) inputs.

The result has several advantages over earlier approaches: Compared to
symbolic approaches [14, 11] it is not restricted to polynomials, and avoids
complicated and inefficient computation with real algebraic numbers. Furthermore it
decreases the necessity for expensive space decomposition by extracting
information using fast consistency techniques. Compared to earlier interval approaches
that could deal with quantifiers of some form, it provably terminates for all
except unstable inputs, and can either handle a more general case [28, 33, 6, 50],
or provides a much cleaner, more elegant, and efficient framework [41].

As a side-effect, this paper even improves the current methods for
(unquantified) numerical constraint satisfaction problems in the case where the solution
set does not consist of finitely many, isolated solutions.

In future work we will explore optimal branching strategies [45, 30, 17],
exploit continuity information for efficiently dealing with equalities [43], exploit the
structure of quantified constraints in special problem domains, and provide an
implementation that allows the flexible exchange of different atomic narrowing
operators.

This work has been supported by a Marie Curie fellowship of the European 
Union under contract number HPMF-CT-2001-01255. 